.LNK file is jacking computers through torrents to steal cryptocurrency

The only downside to cryptocurrency is the human error part. If you are not secure enough, you fall prey to a scam, and a fake .LNK file in movie torrents is now being used to jack cryptocurrency from computers.

Reportedly, an anonymous researcher dubbed “0xffff0800” has revealed that the famous torrent website Pirate Bay is the primary source of dissemination for these files.

The file comes attached to a movie file and is harmless upon download. However, when clicked, the .LNK file silently executes a PowerShell command that creates the jacking opportunity.
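A defender can triage downloaded shortcuts for this behaviour by reading the command line stored inside the .LNK file. The following is an added example, not code from the researcher or the original report: it parses the StringData section following the MS-SHLLINK layout and flags shortcuts whose relative path or arguments mention PowerShell. `build_sample` and its inputs are constructed test data, and decoding non-Unicode strings as cp1252 is an assumption.

```python
import struct

# Shell Link header constants from the MS-SHLLINK specification.
HEADER_SIZE = 0x4C
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_ID_LIST, HAS_LINK_INFO, IS_UNICODE = 0x01, 0x02, 0x80
# StringData fields appear in this order, each present only if its flag is set.
STRING_FIELDS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                 (0x20, "arguments"), (0x40, "icon_location")]


def parse_lnk_strings(data):
    """Return the StringData fields of a .LNK file, or None if it is not one."""
    if len(data) < HEADER_SIZE or data[:20] != struct.pack("<I", HEADER_SIZE) + LINK_CLSID:
        return None
    try:
        flags = struct.unpack_from("<I", data, 20)[0]
        pos = HEADER_SIZE
        if flags & HAS_ID_LIST:      # 2-byte size, then the ID list itself
            pos += 2 + struct.unpack_from("<H", data, pos)[0]
        if flags & HAS_LINK_INFO:    # 4-byte size that includes the size field
            pos += struct.unpack_from("<I", data, pos)[0]
        width, codec = (2, "utf-16-le") if flags & IS_UNICODE else (1, "cp1252")
        fields = {}
        for bit, label in STRING_FIELDS:
            if flags & bit:
                count = struct.unpack_from("<H", data, pos)[0]  # length in characters
                end = pos + 2 + count * width
                fields[label] = data[pos + 2:end].decode(codec, errors="replace")
                pos = end
        return fields
    except struct.error:             # truncated or malformed file
        return None


def is_suspicious(data):
    """True when the shortcut's relative path or arguments invoke PowerShell."""
    fields = parse_lnk_strings(data) or {}
    text = " ".join(fields.get(k, "") for k in ("relative_path", "arguments"))
    return "powershell" in text.lower()


def build_sample(relative_path, arguments):
    """Constructed test shortcut: bare header plus two Unicode StringData fields."""
    header = struct.pack("<I16sI", HEADER_SIZE, LINK_CLSID, IS_UNICODE | 0x08 | 0x20)
    body = b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le")
                    for s in (relative_path, arguments))
    return header.ljust(HEADER_SIZE, b"\x00") + body
```

This is a triage heuristic: a shortcut whose target is recorded only in the ID list or LinkInfo block, or that launches PowerShell indirectly, needs the fuller parse or behavioural detection.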

The command that executes the virus allows it to observe and monitor the browser. The browser under observation is scanned for cryptocurrency accounts, especially Bitcoin and Ethereum.

Scammers are specifically targeting wallet addresses and automatically changing them to their own addresses through this new malware.

This is not the end: the file also modifies Windows itself, going as far as changing registry keys to bypass the default Defender system in Windows.

And even that is not all; it installs an extension called Firefox protection in Firefox and another extension, Chrome Media Router, in Google Chrome.

Wikipedia is already known to become a source, but this is the culprit that allows the injection of a fake banner into Wikipedia on the target computer using JavaScript modifications. The banner leads the victim into believing that Wikipedia is asking for cryptocurrency donations. Of course, the donations go to the scammers.

About The Author

Having been involved in the Digital Marketing industry since 2005, Dan has always been focused on performance. With a core background in research, his aim is to understand the customer behind the technology, in order to better cater for their needs, and in turn improve performance for clients. Crypto enthusiast and a true blockchain believer.